Application No. 10/782,739 



Docket No. CTX-197 



REMARKS 

Claims 1, 4-32 and 35-45 were presented for examination and all claims were rejected. 
In the present amendment, claims 1,7, 12 and 45 have been amended and claims 46 and 47 have 
been added. No new matter has been introduced. Upon entry of the present amendment, claims 
1, 4-32 and 35-47 will be currently pending in this application, of which claims 1, 17, 32 and 45 
are independent. Applicants submit that claims 1, 4-32 and 35-47 are patentable and in condition 
for allowance. 

The following comments address all stated grounds of rejection. Applicants traverse all 
rejections and urge the Examiner to pass the claims to allowance in view of the remarks set forth 
below. 

EXAMINER INTERVIEW 

Applicants wish to thank Examiner Lanier for taking the time to interview with the 
Applicants' representative on January 28, 2009, and for providing the Interview Summary for the 
interview. During the Interview, Examiner Lanier clarified the Examiner's position in relation to 
the rejection issued in the Non-Final Office Action. 

CLAIM REJECTIONS UNDER 35 U.S.C. $112 

Claims 45 is rejected under 35 U.S.C. §112, second paragraph, as indefinite for failing to 
particularly point out and distinctly claim the subject matter which Applicants regard as their 
invention. Applicants hereby amend claim 45, which Applicants submit particularly points out 
and distinctly claims the subject matter which Applicants regard as their invention. Applicants 
request the Examiner to withdraw the rejection of claim 45 under 35 U.S.C. § 1 12, second 
paragraph. 

CLAIM REJECTIONS UNDER 35 U.S.C. $103 

I. Claims 1. 4-6. 16-21, 31-32, 35-37 and 44-45 Rejected Under 35 U.S.C. §103 

Claims 1, 4-6, 16-21, 31-32, 35-37 and 44-45 are rejected under 35 U.S.C. §103(a) as 
unpatentable over U.S. Patent No. 6,772,347 to Xie et al. ("Xie") in view of U.S. Patent 
Publication No. 2004/0250124 to Chesla ("Chesla"). Applicants respectfully traverse this 
rejection. Claims 1,17, 32 and 45 are independent claims. Claims 4-6 and 16 depend on and 
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incorporate all the patentable subject matter of independent claim 1 . Claims 1 8-2 1 and 3 1 
depend on and incorporate all the patentable subject matter of independent claim 17. Claims 35- 
37 and 44 depend on and incorporate all the patentable subject matter of independent claim 32. 
Claim 45 is an independent claim. Applicants submit that the combination of Xie and Chesla 
does not teach or suggest each and every feature of the claimed invention. 

Claims 1, 17, 32 and 45 Patentably Distinguished over Xie in view of Chesla 

To establish prima facie case of obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art. Claim 1 is directed to a computer- 
implemented method, claim 17 is directed to a system, claim 32 is directed to a computer 
program product, and claim 45 is directed to a method. Claims 1,17, 32 and 45 recite 
determining a frequency with which messages having an attribute were rejected by a rejection 
rule based on the attribute. Xie and Chesla, alone or in combination, fail to teach or suggest each 
and every element of the claimed invention. 

The combination of Xie and Chesla does not teach or suggest determining a frequency 
with which messages having an attribute were rejected by a rejection rule based on the attribute. 
Instead, the combination of Xie and Chesla discusses frequency properties of incoming messages 
that were not rejected by rejection rules. As the Examiner concedes that Xie does not teach or 
suggest this claim limitation, the Examiner cites Chesla' s timing and frequency properties for 
this purpose. However, Chesla' s timing and frequency properties are only attributes of Chesla' s 
arriving data packets that were not rejected by rejection rules. (See Chesla paragraphs: [0064], 
[0065], [0066], [0067], [0071] and [0082]). Thus, the combination of Xie and Chesla does not 
monitor any statistics of the rejected messages, such as the frequency or count of the messages 
rejected based on an attribute. For at least this reason, the combination of Xie and Chesla does 
not teach or suggest determining a frequency with which messages having an attribute were 
rejected by a rejection rule based on the attribute. 

In addition, Applicants submit that the combination of Xie and Chesla also does not teach 
or suggest that the same attribute of the message is used for both the rejection rule and the 
exception rule. The claimed invention recites the received message having an attribute, the 
attribute triggering the rejection rule and an exception rule to the rejection rule being generated 
based on a determination of a frequency of the rejected messages that have the attribute. The 
combination of Xie and Chesla does not use the same attribute for both rejecting and allowing 
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the message. Instead, the combination of Xie and Chesla teaches rejecting incoming packets 
based on one set of attributes and allowing some of the initially rejected packets based on 
additional set of rules that are based on "the additional access control requirements." (See Xie, 
col. 6, line 4). These additional set of rules are a second set of attributes. Thus, for at least this 
reason, the combination of Xie and Chesla also does not teach or suggest using the same attribute 
of the message for both the rejection rule and the exception rule. 

Since the combination of Xie and Chesla does not teach or suggest each and every 
element of the claimed invention, Applicants submit that independent claims 1, 17, 32 and 45 are 
patentable and in condition for allowance. Claims 4-6 and 16 depend on and incorporate all the 
patentable subject matter of independent claim 1. Claims 18-21 and 31 depend on and 
incorporate all the patentable subject matter of independent claim 17. Claims 35-37 and 44 
depend on and incorporate all the patentable subject matter of independent claim 32. Thus, 
Applicants submit dependent claims 4-6, 16, 18-21, 31, 35-37 and 44 are patentable and in 
condition for allowance. Therefore, Applicants request that the Examiner withdraw the rejection 
of claims 1, 4-6, 16-21, 31, 32, 35-37 and 44-45 under 35 U.S.C. §103. 

II. Claims 7-15. 22-30 and 38-43 Rejected Under 35 U.S.C. §103 

Claims 7-15, 22-30 and 38-43 are rejected under 35 U.S.C. §103 as unpatentable over 
Xie in view of Chesla and further in view of U.S. Publication No. 2005/0086206 to 
Balasubramanian et al. ("Balasubramanian"). Claims 7-15 depend on and incorporate all the 
patentable subject matter of independent claim 1. Claims 22-30 depend on and incorporate all 
the patentable subject matter of independent claim 17. Claims 38-43 depend on and incorporate 
all the patentable subject matter of independent claim 32. Applicants traverse these rejections 
and submit that any combination of Xie, Chesla, and Balasubramanian fails to teach or suggest 
each and every element of the claimed invention. 

Dependent Claims 7-15, 22-30 and 38-43 Patentable over Xie, Chesla and 
Balasubramanian 

To establish a prima facie case of obviousness of a claimed invention, all the claim 
limitations must be taught or suggested by the prior art. For the reasons discussed above in 
connection with the rejection of independent claims 1, 17 and 32, Applicants submit that 
independent claims 1,17 and 32 are patentable and in condition for allowance. Thus, the claims 
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dependent from claims 1,17 and 32 are patentable and in condition for allowance: 7-15, 22-30 
and 38-43. As with the combination of Xie and Chesla above, the combination of Xie, Chesla 
and Balasubramanian also fails to teach or suggest determining a frequency with which messages 
having an attribute were rejected by a rejection rule based on the attribute. Therefore, Xie, 
Chesla and Balasubramanian, alone or in combination, fail to detract from the patentability of the 
claimed invention. Accordingly, Applicants submit that dependent claims 7-15, 22-30 and 38-43 
are patentable and in condition for allowance and request the Examiner to withdraw the rejection 
of claims 7-15, 22-30 and 38-43 under 35 U.S.C. §103. 

III. New Dependent Claims 46 and 47 Patentable Over Xie, Chesla and Balasubramanian 

Since claims 46 and 47 depend on and incorporate all the patentable subject matter of the 
independent claim 1, claims 46 and 47 recite determining a frequency with which messages 
having an attribute were rejected by a rejection rule based on the attribute. Since this claimed 
limitation is not taught or suggested by Xie, Chesla and Balasubramanian, alone or in 
combination, claims 46 and 47 are patentable and in condition for allowance. 

In addition to the reasons for the patentability of claims 46 and 47 provided above, claims 
46 and 47 provide an additional basis for patentability. Claim 46 recites receiving, by the 
security gateway, the first message from a user, the first message comprising a cookie session 
identifier field and a value of the cookie session identifier. This claim further recites rejecting, 
by the message filter, the first message based on a second rejection rule, the second rejection rule 
rejecting messages having a cookie session identifier attribute, the cookie session identifier 
attribute indicating that the cookie session identifier field of the first message cannot be changed 
and that the value of the cookie session identifier is different from a previously stored cookie 
session identifier value. This claim also recites incrementing, by the learning engine for the 
attribute, a second count of messages from the user received via plurality of user sessions and 
within a predetermined amount of time and rejected based on the cookie session identifier 
attribute and determining, by the learning engine based on the second count, a second frequency 
with which messages with the cookie session identifier attribute from the user were rejected 
based on the second rejection rule. Applicants submit that no combination of Xie, Chesla and 
Balasubramanian teaches or suggests these claimed limitations. 
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Claim 47 recites receiving, by the security gateway, a first message from a user, the first 
message comprising a webpage that includes a password field and a user login field and 
rejecting, by the message filter, the first message based on a second rejection rule for a field 
attribute, the field attribute indicating that any one of the password field or the user login field 
exceeds a predetermined number of characters. This claim also recites incrementing, by the 
learning engine for the attribute, a second count of messages from the user received via plurality 
of user sessions and within a predetermined amount of time and rejected based on the field 
attribute. This claim further recites determining, by the learning engine based on the second 
count for the field attribute, a second frequency with which messages having the field attribute 
were rejected based on the second rejection rule and generating, by the learning engine, a second 
exception rule to the second rejection rule in response to the determined second frequency 
exceeding the predetermined threshold within the predetermined amount of time. Applicants 
submit that no combination of Xie, Chesla and Balasubramanian teaches or suggests these 
claimed limitations 

Therefore, the combination of Xie, Chesla and Balasubramanian fails to teach or suggest 
the above recited claim limitations of claims 46 and 47. For at least these reasons Applicants 
submit that claims 46 and 47 are patentable and in condition for allowance. 
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CONCLUSION 

In light of the aforementioned amendments and arguments, Applicants contend that each 
of the Examiners rejections has been adequately addressed and all of the pending claims are in 
condition for allowance. Accordingly, Applicants respectfully request reconsideration, 
withdrawal of all grounds of rejection, and allowance of all of the pending claims. 

Should the Examiner feel that a telephone conference with Applicants' attorney would 
expedite prosecution of this application, the Examiner is urged to contact the Applicants' 
attorney at the telephone number identified below. 

Respectfully submitted, 

CHOATE, HALL & STEWART, LLP 

Dated: March 30. 2009 /Christopher J. McKenna/ 

Christopher J. McKenna 
Registration No. 53,302 
Attorney for Applicants 

Choate, Hall & Stewart, LLP 
Two International Place 
Boston, MA 021 10 
(617) 248-5000 



- 17- 



